Users and permissions for "ghost backup" and "ghost update" commands

[justinacolmena]

Issue Summary

1. Why is there a check that the username is not "ghost" and no other reason why that should not work as well as any other username on the linux system? Installs and runs no problem as user ghost, but then it fails on that check when I try to back up the blog.
2. Why are root or sudo permissions needed to backup or update a "local" ghost installation which is supposed to run as a local user without root permissions? And there's nothing that the software really needs "root" permissions for except to set up or query the systemd "service" for it. Why not just stop and tell the user at that point what commands really need to be run as root? Potentially internet-facing services that drop privileges properly aren't supposed to be running in the wheel group or have sudo or be allowed to escalate their privileges like that.

Steps to Reproduce

1. Add user named "ghost" not knowing any better. Install ghost. It runs and works.
2. Run commands ghost backup and ghost update in the directory where ghost is installed.

Reason being, because nodejs was automatically updated on fedora, with dnf, so I wanted to make sure any nodejs applications on the system are updated on top of it.

Ghost Version

5.105.0

Node.js Version

v20.11.1

How did you install Ghost?

VPS running Fedora 41, caddy 2.8.4-1 for reverse proxy

Database type

MySQL 8

Browser & OS version

Fedora 41

Relevant log / error output

$ ghost update

Love open source? We’re hiring JavaScript Engineers to work on Ghost full-time.
https://careers.ghost.org



+ sudo systemctl is-active ghost_localhost
✔ Checking system Node.js version - found v20.11.1
✔ Ensuring user is not logged in as ghost user
✔ Checking if logged in user is directory owner
✔ Checking current folder permissions
✔ Checking folder permissions
✔ Checking file permissions
✔ Checking memory availability
✔ Checking free space
✔ Checking for available migrations
✔ Checking for latest Ghost version

# 5.105.0

* 🔒 Limited permissions for uploaded files to 0644 (#21841) - Princi Vershwal
* ✨ Improved various aspects of comments app - Kevin Ansfield
* 🐛 Fixed responsive issues with Posts filters (#21871) - Daniël van der Winden
* 🐛 Fixed mobile navigation for Admin (#21863) - Daniël van der Winden
* 🐛 Fixed missing subscription attribution on free to paid upgrade (#21846) - Sag
* 🌐 Updated Catalan translations in comments.json (#21827) - Àlex Rodríguez Bacardit
* 🌐 Added missing Turkish translations to portal.json (#21784) - echobilisim3421
* 🌐 Updated Catalan translations in signup-form.json (#21831) - Àlex Rodríguez Bacardit

---

View the changelog for full details: https://github.com/tryghost/ghost/compare/v5.104.2...v5.105.0

✔ Fetched release notes
Version already installed.
ℹ Downloading and updating Ghost [skipped]
✔ Linking latest Ghost and recording versions
✔ Linking built-in themes
ℹ Removing old Ghost versions [skipped]

Code of Conduct

• I agree to be friendly and polite to people in this repository

[vikaspotluri123]

1. For the CLI, ghost is the system user that runs Ghost via systemd. Since ghost is supposed to be a system user, the CLI performs this check, since you shouldn't be running commands as a system user. If you can run ghost install as ghost without any issues, but ghost update errors, that's unexpected.

2. You shouldn't need sudo for local installs. For non-local installations, ghost backup might use sudo to check if your instance is running, and ghost update will need it to stop/start the instance.